Linux Archive

Linux Archive (
-   ArchLinux Pacman Development (
-   -   makepkg: command line options for signing (

IgnorantGuru 02-19-2011 12:57 PM

makepkg: command line options for signing
On Fri, 18 Feb 2011 23:30:22 -0200
Denis A. Altoé wrote:

> Two new command line options were added:

Nice to see your work with makepkg in this area Denis - that's key (pun). From what I've reviewed of what you're doing, I would say you're working in an area that needs it for this to gain usage. So thanks! As for laziness, it's hard to get motivated in an area where your work isn't pushed through to actual use (that's what I meant by politics in this). But from what I'm reading it does sound like some of the devs here do 'get it' with regard to the gaping hole in Arch's package security, which is reassuring. I'm amazed there is so much contention on this issue, though.

What Sourceforge had to say after they got caught with their pants down on security: has been around a long time, and security decisions
made a decade ago are now being reassessed. In most cases past
decisions were made around the general principle that we trust open
source developers to work together, play nice, and generally do the
right thing. Services were rolled out based on widespread trust for the
developer community. And that philosophy served us well. But in the
years since then, we’ve evolved from hundreds of users to
millions, and in many cases it’s time to re-assess the balance between
widespread trust and security.

I think Arch is facing a similar transition. Due the quality work of its dev its coming of age, and part of that means more exposure and interest from a security perspective.

All times are GMT. The time now is 04:39 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.